United States Patent and Trademark Office 




ARTMENT OF COMMERCE 
Patent Jmd Trademark Office 
ER FOR PATENTS 



Iria, Virginia 22313-1450 

— gov 



| ATTORNEY DOCKET NO. | CONFIRMATION NO. 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



09/672,206 



09/28/2000 



Danny Raz 



8786 



46363 7590 07/25/2006 

PATTERSON & SHERIDAN, LLP/ 
LUCENT TECHNOLOGIES, INC 
595 SHREWSBURY AVENUE 
SHREWSBURY, NJ 07702 



EXAMINER 



KANG, PAUL H 



ART UNIT 



PAPER NUMBER 



2144 

DATE MAILED: 07/25/2006 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Af*tic%n Su/Ti/nan/ 


Application No. 

09/672,206 


Applicant(s) 

RAZ, DANNY 


Examiner 
Paul H. Kang 


Art Unit 
2141 





-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 

WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )KI Responsive to communication(s) filed on 01 May 2006 , 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1^9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1^9 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 28 September 2000 is/are: a)^ accepted or b)\Zl objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121 (d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Claim Rejections - 35 (JSC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in 
this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Poletto et aL (US Patent 
Application Publication No. 2002/0031134 and Poletto hereinafter) in view ofMalan et aL, US Patent Application No. 
2002/0035698 Al. 

2. As to claim 1, the Poletto teaches the invention substantially as claimed. Poletto teaches a system and method for 
thwarting coordinated SYN denial of service attacks (CSDos), wherein a predetermined fraction of S YN packets destined 
for a server is switched to a processor for analysis (paragraphs 0025-0031), establishing a TCP connection between the 
client and server, monitoring the timeout connections, wherein if the timeout connections exceeds a predetermined 
threshold, the connection is reset. 

However, the prior art of record does not explicitly teach controlling a network switch to divert a predetermined 
fraction of SYN packets destined for a server, to a web guard processor, and if after monitoring the timed-out connections 
exceeds a predetermined threshold, controlling the switch to divert all SYN packets destined to said server to said web 
guard processor. 

In the same field of endeavor, Malan teaches a method and system for protecting a network from denial of 
service attacks comprising controlling a network switch to divert a predetermined fraction of SYN packets destined for a 
server, to a web guard processor, and if after monitoring the timed-out connections exceeds a predetermined threshold, 
controlling the switch to divert all SYN packets destined to said server to said web guard processor (see Malan, paragraph 
0108-0110). 
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3. As per claim(s) 2 Poletto-Malan teaches the claimed invention as described in claim(s) 1 above and furthermore 
discloses generating an alarm indicating that said server is likely to be under attack, (See Poletteo, paragraph 0055-0058). 

4. As per claim(s) 3 Poletto teaches the claimed invention as described in claim(s) 1-2 above and furthermore 
discloses determining if the number of timed-out connections between said web guard processor and said clients exceeds a 
second predetermined threshold, and if so, controlling said switch to delete (i.e., reset) all SYN packets destined for said 
server, (Poletteo, paragraph 0060-0072). 

5. As per claim(s) 4 Poletto teaches the claimed invention as described in claim(s) 1-3 above and furthermore 
discloses the step of generating an alarm indicating that said server is under attack, (See Poletteo, paragraph 0055-0058). 

6. As per claim(s) 5 Poletto teaches the claimed invention as described in claim(s) 1-4 above and furthermore 
discloses notifying said server that it is under attack, (See Poletteo, paragraph 0038). 

7. As per claim(s) 6 Poletto teaches the claimed invention as described in claim(s) 1-5 above and furthermore 
discloses notifying other web guard processors in said network that said server is under attack, (See Poletteo, paragraph 
0037-0040). 

8. As per claim(s) 7 Poletto discloses the invention substantially as claimed. Poletto teaches arranging a switch 
receiving said SYN packets destined to said server to forward said SYN packets to a TCP proxy arranged to operate 
without an associated cache, for each SYN packet, sending a SYN/ACK packet from the TCP proxy to a sender address 
included in the SYN packet by the host, wherein, when subject to a CSDOS attack, does not successfully establish a TCP 
connection with said malicious host, and no TCP connection is made from said TCP proxy to said server, thereby 
protecting said server from said attack (See Poletto, paragraph 0053-0063). 

9. As per claim(s) 8, Poletto discloses forwarding a statistical sampling of packets from a switch in said network to 
a processor, if packets in said sampling indicate an attack, alerting the operation of said switch to reduce the effects of said 
attack, (See Paragraph 0042-0048). 
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However, the prior art of record does not explicitly teach controlling a network switch to divert a predetermined 
fraction of SYN packets destined for a server, to a web guard processor, and if after monitoring the timed-out connections 
exceeds a predetermined threshold, controlling the switch to divert all SYN packets destined to said server to said web 
guard processor. 

In the same field of endeavor, Malan teaches a method and system for protecting a network from denial of 
service attacks comprising controlling a network switch to divert a predetermined fraction of SYN packets destined for a 
server, to a web guard processor, and if after monitoring the timed-out connections exceeds a predetermined threshold, 
controlling the switch to divert all SYN packets destined to said server to said web guard processor (see Malan, paragraph 
0108-0110). 

10. As per claim(s) 9 Poletto-Malan teach the claimed invention as described in claim(s) 8 above and furthermore 
discloses said switch is arranged to discard packets in the event an attack is detected, (See Poletto, Paragraph 0060-0062). 

Response to Arguments 

1 1 . Applicant's arguments filed May 1 , 2006 have been fully considered but they are not persuasive. The applicants 
argued in substance that: 

A) Claims 1-9 recite a practical application therefore a concrete, tangible and useful result. 

As to point A, the examiner finds applicants' arguments to be persuasive. Therefore, upon further consideration 
in light of applicants' arguments, the rejection under 35 U.S. C. 101 is withdrawn. 

B) "The Poletto and Malan references are not proper prior art against the Applicant's application. Specifically, 
the Applicant's application has a filing date of September 28, 2000. This filing date is before the date of both the Poletto 
(August 16, 2001) and Malan (May 15, 2001) references. Thus both the Poletto and Malan references are not prior art 
relative to the Applicants' Application. 

"It is also hereby noted that if the Examiner attempts to use the provisional application date of either the Poletto 
reference (September 7, 2000) or the Malan reference (September 8, 2000), then the Examiner is technically applying 
different references against the present application. In that case, the Examiner must provide and cite the Poletto and Malan 
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provisional application against the present invention ." (Emphasis original). See Remarks, page 9. 

As to point B, the examiner respectfully disagrees. The priority date of a U.S. patent claiming the benefit of an 
earlier filed provisional application is the filing date of the provisional application. In this instance, the examiner has 
verified that the subject matter of the prior art of record relied upon were disclosed in the respective provisional 
application in accordance with 35 U.S.C. 112. Therefore, reliance of the Poletto and Malan references are deemed proper. 

The following different series of U.S. patents are being or in the past have been issued. 
The date of patenting given on the face of each copy is the publication date and is the one 
usually cited. The filing date, in most instances also given on the face of the patent, is 
ordinarily the effective date as a reference (35 U.S.C. 102(e)). See MPEP § 
706.02(f)(1) and § 2127, paragraph II. The 35 U.S.C. 102(e) date of a U.S. patent 
can be an earlier effective U.S. filing date. For example, the 35 U.S.C. 102(e) prior art 
date of a U.S. patent issued from a nonprovisional application claiming the benefit of a 
prior provisional application (35 U.S.C. 1 1 1 (b)) is the filing date of the provisional 
application for subject matter that is disclosed in the provisional application. MPEP 901.04. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing 
date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the 
advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened 
statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1 . 1 36(a) 
will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply 
expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to 
Paul H. Kang whose telephone number is (571) 272-3882. The examiner can normally be reached on 9 hour flex. First 
Friday. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, William Vaughn can 
be reached on (571) 272-3922. The fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information 
Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or 
Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more 
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from 
a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA 
OR CANADA) or 571-272-1000. 




